CVE-2006-5806Sensitive Information Exposure in Cisco Secure Desktop

CWE-200Sensitive Information ExposureCWE-2644 documents4 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 74.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Desktop
Timeline
PublishedNov 8
Latest updateMay 1

Description

SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDcisco/secure_desktop3.1.1.33

🔴Vulnerability Details

2
GHSA
GHSA-v6m5-m945-2767: SSL VPN Client in Cisco Secure Desktop before 32022-05-01
CVEList
CVE-2006-5806: SSL VPN Client in Cisco Secure Desktop before 32006-11-08

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Secure Desktop2006-11-08
CVE-2006-5806 — Sensitive Information Exposure in Cisco | cvebase